
Commit 60dcbb3

Submitting Corgea (#1069)
1 parent 0e5e8f0 commit 60dcbb3

3 files changed

+19
-0
lines changed

_data/tools.json

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,13 @@
11
[
2+
{
3+
"title": "Corgea",
4+
"url": "https://corgea.com/",
5+
"owner": "Corgea",
6+
"license": "Commercial or Free",
7+
"platforms": "SaaS, IDE, CLI, On-Premises",
8+
"note": "Corgea is an AI-powered SAST scanner that empowers developers to find and fix insecure source code. It can find business logic, broken auth, API security issues, and more with less false positives.",
9+
"type": "SAST"
10+
},
211
{
312
"title": "CVE Scanner",
413
"url": "https://www.cvescanner.co.uk",
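Review bot: the "note" value in the new Corgea object reads as vendor copy rather than a catalogue description ("empowers developers", "with less false positives"); suggest a neutral one-sentence summary and, if the false-positive claim is kept, "fewer false positives". The "license" value "Commercial or Free" also does not match the "Commercial / Freemium" wording used for the same tool elsewhere in this commit, so pick one form for the data file and the pages it feeds.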

pages/Component_Analysis.md

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -298,6 +298,7 @@ and legal teams an opportunity to create solutions for healthy open source usage
298298
| [ClearlyDefined] | Open Source Initiative | Open Source | SaaS |
299299
| [CloudDefense.AI] | CloudDefense.AI | Commercial / Freemium | Cross Platform / SaaS |
300300
| [CodeSentry] | GrammaTech | Commercial | Cross Platform / SaaS |
301+
| [Corgea] | Corgea | / Freemium | Cross Platform / SaaS |
301302
| [CxSCA] | Checkmarx | Commercial | SaaS |
302303
| [Debricked] | Debricked | Commercial/Freemium | SaaS |
303304
| [DejaCode] | nexB | Commercial | SaaS |
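Review bot: the License cell in the new row, `| [Corgea] | Corgea | / Freemium | Cross Platform / SaaS |`, is missing the word before the slash; the neighbouring rows use "Commercial / Freemium". Also worth confirming that Corgea belongs in this component-analysis table at all, since `_data/tools.json` in this same commit classifies it as `"type": "SAST"`, not SCA.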
@@ -353,6 +354,7 @@ and legal teams an opportunity to create solutions for healthy open source usage
353354
[ClearlyDefined]: https://clearlydefined.io/
354355
[CloudDefense.AI]: https://www.clouddefense.ai/
355356
[CodeSentry]: https://www.grammatech.com/codesentry-sca
357+
[Corgea]: https://corgea.com/
356358
[CxSCA]: https://www.checkmarx.com/products/software-composition-analysis/
357359
[Debricked]: https://debricked.com/
358360
[DejaCode]: https://www.nexb.com/

pages/Free_for_Open_Source_Application_Security_Tools.md

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -78,6 +78,7 @@ In addition, we are aware of the following commercial SAST tools that are free f
7878
- [CodeSweep - GitHub Action](https://hclsw.co/codesweepgithub) - Scan the new code on a push/pull request using a GitHub action. Findings are highlighted in the `Files Changed` view and details about the issue and mitigation steps can be found in the `Actions` page. Unrestricted usage allowed with a free trial account.
7979
- [Aikido](https://www.aikido.dev/product) - Combines open source software with custom rules & features into a single dashboard with all your security findings. Includes both SAST and Library Analysis tools. [Free for small teams](https://www.aikido.dev/pricing).
8080
- [Arnica](https://www.arnica.io/solution/code-security) - Scans all source code repositories for code risks (SAST, SCA, IaC, license violations, and low 3rd party reputation) and hardcoded secrets. The platform comes with a [freemium plan](https://www.arnica.io/pricing) for unlimited time and users count. The [pipelineless security approach](https://www.arnica.io/blog/ci-cd-pipeline-security-vs-ide-plugins-vs-pipelineless-security) is the value the company charges for, so the visibility remains always free.
81+
- [Corgea](https://corgea.com/) - An AI-native SAST scanner that helps developers find and fix insecure code. It detects business logic flaws, broken authentication, API vulnerabilities and more with minimal false positives. Corgea automatically generates security fixes for developers to review and approve. Integrates with GitHub, GitLab, Azure DevOps, IDEs and CLI. [Free to use](https://corgea.com/pricing).
8182
- [Kusari](https://kusari.dev/inspector) - Kusari Inspector seamlessly integrates software supply chain security analysis into your pull requests. This checks for bad dependencies, licenses, quality data. [Free for individual use](https://www.kusari.dev/pricing).
8283

8384
### DAST Tools
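Review bot: the closing link text "[Free to use]" in the new Corgea bullet does not say what the free terms are for open source projects, which is the criterion this list ("commercial SAST tools that are free for open source") is built around; the entries around it state their terms ("Free for small teams", "freemium plan for unlimited time and users count"), and the later Component Analysis hunk in this commit says "Free tier available for open source projects", so one consistent statement of the open-source terms should be used here.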
@@ -210,6 +211,11 @@ Commercial tools of this type that are free for open source:
210211
- Features automated fix pull request to automatically fix vulnerabilities (currently only for javascript)
211212
- Features one of the most complete [vulnerability databases](https://app.debricked.com/en/vulnerability-database)
212213
- GitHub version: [https://github.com/apps/debricked/](https://github.com/apps/debricked/)
214+
- [Corgea](https://corgea.com) - AI-powered SAST scanner that finds and fixes security issues
215+
- Finds business logic flaws, broken auth, API security issues and more
216+
- Supports Python, Go, Javascript, Typescript, Ruby, C#, C, C++, Java, PHP, Kotlin and more.
217+
- Integrates with IDE, CLI, CI/CD
218+
- [Free tier](https://corgea.com/pricing) available for open source projects
213219
- [OX Security](https://www.ox.security) - Stop Attacks Across Your Software Supply Chain
214220
- Complete Software Supply Chain Security Solution, based on [Pipeline Bill Of Materials](https://www.pbom.dev/)
215221
- Manage your findings from a single location
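Review bot: the "Supports Python, Go, Javascript, Typescript, ..." sub-bullet should spell the languages as JavaScript and TypeScript. More substantively, the surrounding context (Debricked's vulnerability database, OX Security's supply chain solution) indicates this is the library/component analysis list, while the new entry describes Corgea as a SAST scanner and the same tool is already added to the SAST list in the hunk above; either drop this duplicate or state what component-analysis capability justifies listing it here.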
@@ -358,6 +364,8 @@ Secrets detection is often confused with SAST because both scan through static s
358364
### Automatic Remediation Tools
359365

360366
- [Mobb](https://mobb.ai/) - Mobb is an automatic code fixer for security issues. It runs manually or as part of a pipeline, digests your SAST reports, and generates ready-to-be-merged pull requests that fix your issues.
367+
- [Corgea](https://corgea.com/) - Corgea connects to Semgrep, Snyk, CodeQL, Checkmarx and Fortify to remove false positives and issue fixes for security vulnerabilities. It supports Python, Go, Javascript, Typescript, Ruby, C#, C, C++, Java, PHP, and Kotlin. It can be run manually or as part of CI/CD pipelines. [Free to use](https://corgea.com/pricing).
368+
361369

362370

363371
Please let us know if you are aware of any other high quality
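Review bot: the added empty line at 368+ leaves three consecutive blank lines after the new Corgea bullet (368 through 370), which markdown linters typically flag; drop the extra blank line so the spacing matches the rest of the section. Same capitalization fix as elsewhere in this commit: "Javascript, Typescript" should read "JavaScript, TypeScript".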
